package com.spring.security.client.browser.authorize;

import com.spring.security.core.authorize.AuthorizeConfigProvider;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

/**
 * 浏览器环境默认的授权配置
 *
 * @author_seabed_moon
 */
@Configuration
@Order(Integer.MIN_VALUE)
public class BrowserAuthorizeConfigProvider implements AuthorizeConfigProvider {

    /**
     * (non-Javadoc)
     *
     * @see AuthorizeConfigProvider#config(org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry)
     */
    @Override
    public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        // # 放行 OPTIONS 请求
        config.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
        return false;
    }

}
